Have you found any on-ramp providers not requiring API secrets? (Especially for Bitcoin on-ramps where MetaMask snaps aren’t a good fit I guess?)
Or alternatively, have you hacked a workaround for your canisters to utilize API secrets stored elsewhere, not accessbile by node operators?